#!/bin/bash
#
# ==================================================

# initialisasi mariadb
sudo apt update
sudo apt-get install software-properties-common
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
sudo apt install mariadb-server
mysql_secure_installation

# install php
apt-get -y install apt-transport-https lsb-release ca-certificates curl
add-apt-repository ppa:ondrej/php && apt-get update
apt-get install php5.6-{cli,pdo,fpm,zip,gd,xml,mysql,cgi}
apt-get install php7.3-{cli,pdo,fpm,zip,gd,xml,mysql,cgi}
apt-get install php8.0-{cli,pdo,fpm,zip,gd,xml,mysql,cgi}
#	list='php php-dev php-fpm php-xml libmcrypt-dev php-pear php-intl php-enchant php-soap php-embed php-tidy php-bcmath php-gd php-xmlrpc php-zip php-ldap php-redis php-sqlite3 php-mysql php-mysqli php-curl php-memcache php-mbstring'
#	apt-get install $list -y
#	for i in $list_ver;do
#	list="
#	php${i} php${i}-php php${i}-fpm php${i}-cgi php${i}-xml php${i}-dev php${i}-intl php${i}-enchant php${i}-soap php${i}-embed php${i}-tidy php${i}-bcmath php${i}-gd php${i}-xmlrpc php${i}-zip php${i}-ldap php${i}-redis php${i}-sqlite3 php${i}-mysql php${i}-mysqli php${i}-curl php${i}-memcache php${i}-mbstring
#	";
#	apt-get install $list -y
#	done

# webmin
wget https://software.virtualmin.com/gpl/scripts/install.sh 
bash install.sh 
systemctl enable webmin
rm -fr install.sh

# snycthing
echo "deb https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list
curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
sudo apt update && sudo apt install syncthing
curl https://notabug.org/irwanmohi/test/raw/master/syncthing.txt  | sudo tee /etc/systemd/system/syncthing@.service
sudo systemctl daemon-reload
sudo systemctl start syncthing@root
sudo systemctl enable syncthing@root

# maldet
cd /usr/local/src
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar zxvf maldetect-current.tar.gz
cd maldetect-1.*
./install.sh

# sed -i 's/email_alert="0"/email_alert="1"/g' /usr/local/maldetect/conf.maldet
# sed -i 's/email_addr="you@domain.com"/email_addr="YOU@YOURDOMAIN.COM"/g' /usr/local/maldetect/conf.maldet

# save ssh
/bin/sed -i "s/#Port 22/Port 8288/g" /etc/ssh/sshd_config
/bin/sed -i "s/#Protocol 2/Protocol 2/g" /etc/ssh/sshd_config
/bin/sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
service sshd restart

# csf

apt -y install libwww-perl
# yum install -y perl perl-libwww-perl perl-Time-HiRes unzip bind-utils

cd /usr/local/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

#csf configure

/bin/sed -i "s/RESTRICT_SYSLOG\s*=.*$/RESTRICT_SYSLOG = \"3\"/g" /etc/csf/csf.conf
/bin/sed -i "s/SYSLOG_CHECK\s*=.*$/SYSLOG_CHECK = \"3600\"/g" /etc/csf/csf.conf

# By default, CSF will block allowed IP if they break rules.
/bin/sed -i "s/IGNORE_ALLOW\s*=.*/IGNORE_ALLOW = \"1\"/g" /etc/csf/csf.conf


#/bin/sed -i "s/LF_GLOBAL\s*=.*$/LF_GLOBAL = \"1800\"/g" /etc/csf/csf.conf
#/bin/sed -i "s/GLOBAL_ALLOW\s*=.*$/GLOBAL_ALLOW = \"http:\/\/git\.buyscripts\.in\:10080\/boby\/firewall\/raw\/master\/allow\.txt\"/g" /etc/csf/csf.conf
#/bin/sed -i "s/GLOBAL_DENY\s*=.*$/GLOBAL_DENY = \"http\:\/\/git\.buyscripts\.in\:10080\/boby\/firewall\/raw\/master\/deny.txt\"/g" /etc/csf/csf.conf

# This option will notify you when a large amount of email is sent from a particular script on the server
/bin/sed -i "s/LF_SCRIPT_ALERT\s*=.*$/LF_SCRIPT_ALERT = \"1\"/g" /etc/csf/csf.conf

# This option ensures that almost all Linux accounts are checked with Process Tracking, not just the cPanel ones
/bin/sed -i "s/PT_ALL_USERS\s*=.*$/PT_ALL_USERS = \"1\"/g" /etc/csf/csf.conf


/bin/sed -i "s/TESTING = \"1\"/TESTING = \"0\"/g" /etc/csf/csf.conf

# Disable IP blocking alert. You may get many, if you dont need to act on this, disable it

/bin/sed -i "s/PT_USERMEM\s*=.*/PT_USERMEM = \"1024\"/g" /etc/csf/csf.conf
/bin/sed -i "s/LF_NETBLOCK_ALERT\s*=.*/LF_NETBLOCK_ALERT = \"0\"/g" /etc/csf/csf.conf
/bin/sed -i "s/LF_PERMBLOCK_ALERT\s*=.*/LF_PERMBLOCK_ALERT = \"0\"/g" /etc/csf/csf.conf

# Disable all alerts
# /bin/sed -i "s/LF_EMAIL_ALERT\s*=.*/LF_EMAIL_ALERT = \"0\"/g" /etc/csf/csf.conf

# ONLY CPANEL

if [ -d "/var/cpanel/" ]; then
    /bin/sed -i "s/SMTP_BLOCK\s*=.*/SMTP_BLOCK = \"1\"/g" /etc/csf/csf.conf
fi

# /bin/sed -i "s/LF_ALERT_TO\s*=.*$/LF_ALERT_TO = \"admin@serverok.in\"/g" /etc/csf/csf.conf

systemctl restart csf.service
csf -r

#basic

apt update
apt -y upgrade
apt -y install procps wget curl nmap whois vim git unzip telnet net-tools dnsutils tmux iftop
curl -Ls https://github.com/serverok/server-setup/raw/master/data/.vimrc > ~/.vimrc
echo "alias ll='ls -la --color'" >> ~/.bashrc
echo "alias rm='rm -i'" >> ~/.bashrc
echo "alias grep='grep --color=auto'" >> ~/.bashrc
echo 'export HISTTIMEFORMAT="%d/%m/%y %T "' >> ~/.bashrc

apt-get install -y sysstat
sed -i 's/ENABLED="false"/ENABLED="true"/g' /etc/default/sysstat

systemctl stop apparmor
systemctl disable apparmor

source ~/.bashrc

# Cleanup and reboot
rm -f /root/install.sh
cp /dev/null /root/.bash_history
clear
echo -e ""
echo -e "Script executed succesfully."
echo -e ""
read -n 1 -r -s -p $"Press enter to reboot..."
echo -e ""
reboot